Authorities have warned of QR code scams targeting the public.
The barcode-style tech has offered a speedy alternative to writing down personal details at events and venues, and has been used by governments around the world in their accelerated contact-tracing efforts.
But after almost two years of check-in procedures across the globe, the inevitable security problem sprouting from requiring billions of people to scan complex codes multiple times a day has been laid bare.
The Federal Bureau of Investigation (FBI) last week warned the public of scammers altering the QR codes that are being used to facilitate transactions and check-ins around the country amid the pandemic.
"A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts," the notice reads.
The Bureau admitted tracing attacks back to the source was tricky, warning that law enforcement "cannot guarantee the recovery of lost funds after transfer".
A report out of Texas claimed fraudulent codes had been placed on more than 25 parking stations in the city of Austin.
"People attempting to pay for parking using those QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent vendor," the Austin Police Department said when it announced its investigation.
The problem is yet to officially sweep Australia, according to the Australian Competition and Consumer Commission, with just two cases of malicious QR codes being reported to the regulatory body since December 1.
However, people have been warned to stay vigilant about scanning codes, given the increasing risk of scammers collecting personal data or payments made to an otherwise trusted location.
"Scamwatch has received two scam reports about QR codes, with a total loss of $120," the ACCC said via 7News. "One report involved redirecting users to another website for payment. Another report was related to cryptocurrency wallet phishing."
Cybersecurity expert and CEO of Prevailion Karim Hijazi, who specialises in cybersecurity breaches, outlined just how easy it was for regular people to get duped by a dodgy QR code.
"The QR code will send the user of the device to a website that then asks for information like payment information or personal information that they then harvest and use for ill gains or nefarious purposes," Hijazi told Fox News.
"They are nothing more than a way to link to a website. You see them on menus these days with Covid. You can't even get a paper menu anymore these days, you have to use your phone to scan it."
Cybersecurity experts say it can be tough to remove some malware from your phone. But you can take steps to protect your devices if you think you have been led to a fraudulent or malicious site in the future.
"Change all of your passwords. Go to logins that you use regularly, like banking logins, and turn on two-factor authentication," Hijazi said.
- By Alex Blair, news.com.au